Deploy the OpenToken IIS Agent on your IIS server to allow it to communicate with PingFederate.
-
If your IIS server is version 8 or later, add the IIS server role and role
services.
- In Server Manager, on the Manage menu, click Add Roles and Features.
- In the Add Roles and Features Wizard, on the Before You Begin tab, click Next.
- On the Installation Type tab, select Role-based or feature-based installation. Click Next.
- On the Server Selection tab, select the IIS server. Click Next.
- On the Server Roles page, select Web Server (IIS).
- On the Features tab, click Next.
-
On the Web Server Role (IIS) > Role Services tab, in Web Server > Application Development , select .NET 3.5 Extensibility and
.NET 4.6 Extensibility.
Depending on your version of Windows, you might need to select .NET 4.5 Extensibility or .NET 4.7 Extensibility.
- If you receive a message that asks you to add features that are required for Web Server (IIS), click Add Features.
- Click Next.
-
On the Confirmation tab, check that the configuration is
correct. Click Install.
This step can take several minutes.
- Once the installation is complete, click Close.
-
Deploy the OpenToken IIS Agent.
- Extract the IIS Integration Kit distribution file on the IIS server, and then go to dist/(x86) or dist/(x64).
- Run setup.exe to install the OpenToken HTTP Module into the Windows Global Assembly Cache.
-
If your IIS server is version 7, register IIS with .NET Framework 4.0 by entering
the following command at the Windows command prompt:
<Windows_install>\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -iru
- Move the agent-config.txt that you exported in Configuring an OpenToken SP Adapter instance to C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf or your equivalent.
-
Configure the OpenToken IIS Agent properties file.
- Open C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf\pfisapi.conf for editing.
- Configure it to suit your environment based on the property descriptions in the file.
-
If you use IIS to protect multiple sites on the same domain, set
SameSiteCookie=None
andSecureCookie=YES
. - Save the file.
- If you backed up a previous copy of the file in Upgrading an existing deployment, refer to that file to add new properties and restore your previous settings.
- Restart IIS.
Note:You can test your configuration by deploying the sample application (PFIsapiSample) that is included in the installation. See C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\samples or your equivalent.